- Gradle projects contain cycles which comes from dependencies to
test sources which is not a problem in gradle but eclipse metadata
generation is getting confused. Thus we need settings to relax errors
org.eclipse.jdt.core.circularClasspath=warning
org.eclipse.jdt.core.incompleteClasspath=warning
- Additionally .classpath entries needs to be changes having
without_test_code=false
test=false
- Aspects end up getting source dirs `build/classes/java/main`
and `build/resources/main` which never have sources. Vscode complains
about that, eclipse is fine. Remove those from entries.
- In tests `htmlunit` depends on `xml-apis`. `xml-apis` are now part
of jdk and eclipse complains about that. Excluse these in a gradle build.
- Both eclipse and vscode don't currently work with buildship, due to
project cycles and buildship cannot be configured. It's possible to
create metadata from `eclipse` task manually which then can be imported.
For this we need to disable automatic import in vscode using buildship.
This goes to `.vscode/settings.json` workspace config.
- Then with these changes user can do something like
git clean -fxd && ./gradlew clean build cleanEclipse eclipse -x checkstyleNohttp -x test -x integrationTest
and import projects manually.
Like Basic and Bearer authentication, X509 is
stateless by default. As such, it is better to not
pick up the global SecurityContextRepository bean.
The better fix is to change the default from
HttpSessionSecurityContextRepository to
RequestAttributeSecurityContextRepository.
Issue gh-13008
Before the fix, these methods would throw a NPE in case when the filter class passed as the second parameter, is not registered yet.
In particular, this exception can occur when mixing standard and custom DSL to register filters.
The fix doesn't change the situation that standard DSL for registration of filters cannot refer to filters that are registered via custom DSL even though those calls were done earlier.
It just provides more user-friendly error handling for this and most likely other scenarios of calls of HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter.
The error handling is implemented similarly to HttpSecurity#addFilter.
Closes gh-12637
- If Method Security asks for too early, it is no longer
eligible for post-processing. As such, this commit defers loading it until
the first authorization request.
Issue gh-11990
Previously the default was an HttpSessionSecurityContextRepository which
meant that if a stateless authentication occurred the SecurityContext would
be lost on ERROR dispatch.
This commit ensures that the RequestAttributeSecurityContextRepository is
also consulted by default.
Closes gh-12070
Marcus Da Coregio
Janne Valkealahti
Josh Cummings
lukasz.migdalek
Ruslan Stelmachenko
Martin Tarjányi
twosom
Leonid Rozenblyum
Tobias Meurer
Steve Riesenberg
Mitja Kotnik
Guillaume Husta
Jan Marten
Koos Gadellaa
Rob Winch
mmoussa_mapfreusa